on 02-03-2006 2:01 PM
Hi,
I am trying to configure Kerberos Authentication on the portal (EP 6 SP15) for SSO.
According to the SAP documentation
"Configuring Login Module Stacks for Kerberos Authentication"
( http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/frameset.htm) step 4, I have to create a login module stack and add the login module's KrbLoginModule and MappingModule to this stack.
However this modules are not in the list of available Login Modules.
Does anyone know how to add these modules to the list?
Thanx,
Twan Janssen
Hello Janssen,
I'm also trying to do the same. You can add these 2 Login Modules by yourself also and it will be there in the List then. Do the following:-
1. Login to VA
2. Goto Security Provider service
3. User Management -> Manage Security Stores
4. Add Login Module (so here you have to add those 2 Login Modules)
I'm also trying to do this, so better be in touch i think there are lot of things that we have to do.
Please reward points for this.
Regards
Vaib
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vaib,
Procedure to create a Keytab file:
Create a service user in AD.
Login to the ADS server.
On the command line type:
ktpass princ host/<j2ee server host name>@<domain name> -pass <service_user_password> -out <keytab_file_name> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL
followed by:
ktpass princ HTTP/<j2ee server host name>@<domain name> -pass <service_user_password> -out <keytab_file_name> -in <keytab_file_name> -mapUser <service_username> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL
fill in your j2ee host and domain name and userid and password of service user.
Regards,
Twan
Thanks Janssen for instructions on KeyTab,
I think for the Class name for the Login Modules :-
Krb5LoginModule & MappingModule
You need to create the OSS as it's not mentioned anywhere in the documentation. OR you may try to give the Login Module name in the class name and see.
Please update me also as i'm also doing the same thing.
Regards
Vaib
Hello everyone,
the correct classname for MappingModule is
<b>com.sap.security.core.server.jaas.SPNegoMappingLoginModule</b>
With this classpath you do not need to deploy spnegoauth.sda on the J2EE Engine to get SPNego up and running. You only need to register the Krb5LoginModule and the MappingModule in the Visual Administrator of the J2EE Engine.
Best Regards,
Yonko<b></b>
User | Count |
---|---|
95 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.